Archive

In this post I will focus on creating interfaces so it will be a short one because there isn’t much to write home about.

The first thing to know about SROS interfaces is they are named and you bind a physical or logical port to them. The naming of the interface is called in all protocols so you need to make sure you get it right and have a clear convention as deleting the interface will destroy the protocols use of the interface. If you have an OSPF interface and you remove the router interface then OSPF will drop and your network maybe go a little crazy.

So how do we configure them? It’s pretty straightforward and there is no need to create here. Good ol’ ALU consistency.

*A:pe1# configure router interface "to_pe2"

And that’s the interface created. We then need to assign our IP address:

*A:pe1>config>router>if$ address 192.168.123.1/24

You can also run ipv6 over interfaces, which is enabled with the ipv6 command. You need to be in chassis mode C at a minimum and I can’t change that right now…You can do pretty much anything standard, icmp6, DHCP, VRRP.

Then we need to bind this to a physical interface:

*A:pe1>config>router>if$ port 2/1/3:123

Next you might want to run BFD over the interface to use very fast failure detection. The 7750 can be configured to support 10ms transmit intervals but it does require configuration relating to the processor. I have never tried it that low so I dont know what impact it will have on processing.

*A:pe1>config>router>if$ bfd 100 receive 100 multiplier 3

You can assign some CPM protection but I haven’t played with this either so I don’t know how it would benefit you. Something for another time when days allow more than 24 hours in them!

If you want, make the interface a loopback but obviously you need to remove your port binding with the no port command.

If you wish to make it an unnumbered interface you simply configure it with unnumbered and specify an interface name or address you want to take the IP address from.

To configure a secondary interface you simply apply secondary x.x.x.x/y

Finally you can configure VRRP with all the standard bits and bobs that entails. Here is a little snippet that creates the interface as the owner, specifies the partner router as .3, sets the priority to 200 so this interface will be the boss unless there is a problem. You can also tell the interface to reply to pings and traces regardless of it’s state as master or backup which is a pretty cool feature. Finally you can set the delay VRRP takes before establishing for situations where you have a link that may be bouncing.

There are some things you can do with BFD in a VRRP instamce but that will have to wait to my Services posts as it’s more relevant here. Anyway today is day 1 of my CCIE SP study so I have to get down to business there.

In this post I will go over the basics of port configuration on the 7750, going in to some detail on the Ethernet specific parameters you can fine tune. I will do this on XP type MDA which have DDM (diagnostic ability) built in to them. This allows you to see light levels and card temperatures and also sends traps in to SAM so you can keep an eye on optics that may be failing or dirty, nice feature. I don’t really have access to SDH/Sonet type cards but if I dig one out I might try and figure it out and post about it

The first part of configuring your port will cover the usual basics. Depending on the card type you are using the default values with either be network or hybrid more. Basically a network port mode allows you to configure a routed interface, IGP and MPLS and is used to connect your SP routers together. You can’t run services on these ports, for that you need an access port configuration, well except if you have an IMM card (and no doubt others) which allow the configuration of a hybrid mode. This allows the configuration of core connections but also services.

To change a port configuration to any great extent you usually have to shut it down. By default the port will already be shut but sure here is how you do it anyway and then go in to Ethernet sub-config mode:

Changing some of the Ethernet variables have a habit of defaulting ones you may have already set so I like to configure ports in a specific sequence.
The mode determines how the port will function and also alters the MTU (default 9212 on network). As discussed your three modes of operation are access, network (default) and hybrid using the mode command.

*A:pe1>config>port>ethernet# mode access|network|hybrid

Next I like to change the encapsulation which has three options as well: null, dot1q and qinq.

*A:pe1>config>port>ethernet# encap-type dot1q|null|qinq

Now is probably a good time to talk about tag behaviour in SROS/TiMOS. Unlike ‘normal’ VLAN behaviour the tag configuration doesn’t put traffic in to a specific VLAN as it would in a LAN set up. The behaviour is one of a matching criteria only so if we consider we have an interface configured to match tag 100 within service 1234 and the port receives a frame with tag 100 (outer tag) how will traffic be processed? The tag is popped and put in to service 1234:

-If the service is p2p the traffic is MPLS encapsulated (or GRE) and sent as native Ethernet across the core. At the far end PE traffic is de-encapsulated (MPLS) and the egress dot1q tag is pushed and the frame transmitted. If the service is local only then traffic is forwarded out the other local interface without MPLS forwarding.

-If the service is mp2mp the L2 destination address is inspected and a forwarding decision is made by the PE. The remainder of the forwarding behaviour remains the same.

Tagging types:

Like the name suggests null encapsulation uses no tagging. You can only have one service or routed port per physical port. From a service perspective the benefit is tag transparency to the customers tagging as regardless of if the frame is tagged before it gets to your router, the traffic is accepted.

A port configured for dot1q ensures the router must match one tag, of course there are exceptions! In our example with tag 100, if the ingress frame has 100 applied as its outer tag then it is accepted into service 1234. If it is any other integer then it will be dropped unless another matching tag/service is configured. The exceptions here are if you configure a dot1q service SAP to expect untagged traffic or match a wildcard which I will cover when I get on to service configuration.

A port configured with dot1q-in-dot1q will expect services to be double tagged (again with exceptions). Both inner and outer tags are generally matched except where untagged or wildcards are used. The forwarding behaviour remains the same as above except there is now more granularity in how you can match traffic to services. This setup is useful for carriers’ carrier type services where another provider is providing the attachment circuit to a remote location. The outer tag is used for service delimitation on the other carriers network and the inner tag defines the service you are providing over their pipe.

MTU is the next variable I configure. On the SROS routers the MTU will default to 9212 on a network port but not on an access port (that could be release dependent, I don’t know). To change the layer 2 MTU use the mtu # command.

*A:pe1>config>port>ethernet# mtu 9212

If you need to change the speed or duplex settings on a port this is done in the Ethernet context too. You use the speed 10|100|1000 and duplex full|half commands. I won’t spend any more time on these.

That’s it for standard configurations, now on to more case specific ones.

Auto negotiation isn’t anything new but there is a little feature in SROS called limited negotiation. What this does, or doesn’t do, is participate in actual link negotiation but does transmit a form of keepalive across the link which enables faster link failure detection. It is enabled using the following:

*A:pe1>config>port>ethernet# autonegotiation limited

Down When Looped

Another nice feature is called down when looped. This transmits an untagged frame with the source/destination address of the router MAC address with an ethertype of 0x9000. The downside here is the untagged nature of the frame means you cant use this feature where you use a 3rd party attachment circuit as they will be expecting tagged traffic, your frame will be dropped.

If the PE detects it’s own address in a frame of this type it knows there is a loop in the path and disables the port. This feature is hugely import for VPLS builds as a loop on an attachment circuit can bring down every VPLS with an interface on that port. DWL is enabled by entering its context and performing a no shutdown.

As we can see down when looped is enabled and loop detection is false. If a loop was detected this state would change to ‘True’.

Variables we can configure include the keep-alive # option which defines the interval in seconds between transmission of the DWL PDUs. retry-timeout # allows you to set the time in seconds between a port being disabled due to loop detection and the system trying to recover the port. This is similar to err-disable recovery in IOS. Finally you can set the system to set the destination address to the broadcast address, enabled through use-broadcast-address.

Ethertypes:

You can alter the default ethertypes used by dot1q, q-in-q and PBB if you wish. Defaults for the first two are 0x8100 and provider backbone bridging uses 0x88e7.

There are some other variables which you can set that I won’t go in to but you can also enable dot1x, lldp (standardised equivalent to CDP) and various management procotols such as EFM, CFM and ELMI.

A final note on DDM mentioned above. This displays port specific parameters on the XP or IMM cards. The below output shows you the temperature of the port, power readout and, most importantly from an operational perspective, the transmit and receive rates of the optics. The thresholds are used to trigger alerts to your SAM NMS.